
Click on the padlock, and it tells you all of that.

e.g. "The identity of this website has been verified by Thawte SGC CA."



Thanks. However, since it didn't even occur to me to do that, it doesn't seem likely that many less technical people will do it.


Less technical people will never understand, much less care, what a CA is. It's hard enough explaining the concept of a URL!


There are lots of people between 'a HN reader' and 'your grandmother'. There will always be people who don't understand what a CA is; but the more people who do, the more pressure there will be for them to do their job correctly.

Also, they don't need to understand the technical details. If every time they go to their bank it says 'connection to your bank certified by verisign', and then one day it says 'certified by <someone else>', then a cautious person will be suspicious, even if they are completely nontechnical.


There are much better ways to notify users than trying to convince them of the value of monitoring their bank's CA. The browser could simply keep track of the cert and notify the user if it changes unexpectedly. This doesn't require the user to understand anything new, and it still works in the case that the fraudulent cert is signed by Verisign.
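
The certificate tracking proposed in the comment above, set beside the "watch which CA it says" idea from the earlier comment, as an added example that is not part of the thread. The `CertTracker` class, the host `bank.example` and the certificate bytes are constructed for illustration; the byte strings are placeholders, not real DER.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Observation:
    """What a client sees on one TLS connection (constructed sample data)."""
    host: str
    issuer: str      # name of the CA that signed the leaf certificate
    cert_der: bytes  # leaf certificate bytes (placeholder bytes, not real DER)


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes, as shown in browser cert viewers."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class CertTracker:
    """Remembers the first certificate seen per host and flags later changes."""
    pins: dict = field(default_factory=dict)  # host -> (issuer, fingerprint)

    def check(self, obs: Observation) -> str:
        fp = fingerprint(obs.cert_der)
        if obs.host not in self.pins:
            self.pins[obs.host] = (obs.issuer, fp)  # trust on first use
            return "first-seen"
        pinned_issuer, pinned_fp = self.pins[obs.host]
        if fp == pinned_fp:
            return "unchanged"
        # The certificate differs from the remembered one. Report whether a
        # check of the CA name alone would also have noticed the change.
        return "changed-same-ca" if obs.issuer == pinned_issuer else "changed-new-ca"


# Constructed observations: the third has a different certificate from the same CA.
SAMPLE = [
    Observation("bank.example", "Verisign", b"constructed-cert-A"),
    Observation("bank.example", "Verisign", b"constructed-cert-A"),
    Observation("bank.example", "Verisign", b"constructed-cert-B"),
    Observation("bank.example", "Other CA", b"constructed-cert-C"),
]


def run(observations):
    tracker = CertTracker()
    return [tracker.check(o) for o in observations]


if __name__ == "__main__":
    print(run(SAMPLE))
```

A real client would take the bytes from `ssl.SSLSocket.getpeercert(binary_form=True)`. A legitimate renewal also changes the fingerprint, so a reported change is a prompt for review rather than proof of a fraudulent certificate.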



